
China subjected to new ValleyRAT malware attack campaign


Hackread reports that Windows users across China have been subjected to multi-stage intrusions with the ValleyRAT malware as part of a new campaign.

Attacks begin with the delivery of fraudulent business- or finance-related documents which, when executed, open the default application for Word documents while creating a mutex and altering registry entries to ensure persistence, according to a Fortinet FortiGuard Labs report. Threat actors then use shellcode to load the malware stealthily into memory and eventually retrieve ValleyRAT, which facilitates not only activity tracking and arbitrary plugin distribution but also file execution, screenshot capture, and data exfiltration, FortiGuard Labs researchers noted. ValleyRAT was also observed to enable registry manipulation and the takeover of system functions.

These findings follow earlier research associating ValleyRAT, which had been used to compromise finance, sales, e-commerce, and management organizations, with the suspected advanced persistent threat operation Silver Fox.
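The report describes a pattern defenders can correlate in endpoint telemetry: a file that poses as a document, launches the real Word handler as a decoy, and in the same breath writes an autorun registry value. The following Python script is an added example, not code from the Fortinet report or from SC Media, and it does not use any indicator from the campaign. It assumes Sysmon-style process-create (event ID 1) and registry-value-set (event ID 13) records, with constructed field names, hostnames, PIDs and paths; the mutex creation mentioned in the report is not visible in these event types, so the heuristic relies on the decoy-viewer plus autorun-write combination alone.

```python
"""Heuristic correlation of a decoy-document launch with autorun persistence.

Added example (not from the report or the article). Event records are
constructed to resemble Sysmon process-create (ID 1) and registry-set
(ID 13) events; field names, hosts, PIDs and paths are assumptions.
"""
import re
from collections import defaultdict

# Registry paths commonly used for autorun persistence (case-insensitive).
AUTORUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)

# Image names of document viewers a dropper may launch as a decoy (assumed list).
DOCUMENT_VIEWERS = {"winword.exe", "wordpad.exe"}


def _basename(path):
    """Lower-cased file name from a Windows or POSIX style path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def correlate_decoy_and_persistence(events):
    """Return findings for processes that BOTH spawned a document viewer
    (decoy) AND wrote a value under an autorun registry key."""
    spawned_viewer = defaultdict(set)   # (host, pid) -> viewer names launched
    autorun_writes = defaultdict(list)  # (host, pid) -> registry targets written
    image_of = {}                       # (host, pid) -> image path of that process

    for ev in events:
        key = (ev["host"], ev["pid"])
        if ev["event_id"] == 1:
            # Process create: ev["pid"] is the new child, ev["parent_pid"] its parent.
            image_of[key] = ev["image"]
            child = _basename(ev["image"])
            if child in DOCUMENT_VIEWERS:
                spawned_viewer[(ev["host"], ev["parent_pid"])].add(child)
        elif ev["event_id"] == 13:
            # Registry value set by ev["pid"]; keep only autorun locations.
            if AUTORUN_KEY_RE.search(ev["target_object"]):
                autorun_writes[key].append(ev["target_object"])

    findings = []
    for key in sorted(set(spawned_viewer) & set(autorun_writes)):
        host, pid = key
        findings.append({
            "host": host,
            "pid": pid,
            "image": image_of.get(key, "<unknown>"),
            "decoy_viewers": sorted(spawned_viewer[key]),
            "autorun_values": autorun_writes[key],
        })
    return findings


# Constructed sample telemetry (hypothetical host, PIDs and paths).
SAMPLE_EVENTS = [
    # User double-clicks a file named like a document from Explorer (pid 1000).
    {"host": "ws01", "event_id": 1, "pid": 4242, "parent_pid": 1000,
     "image": r"C:\Users\alice\Downloads\invoice_2024.docx.exe"},
    # The dropper opens the real Word handler as a decoy.
    {"host": "ws01", "event_id": 1, "pid": 5000, "parent_pid": 4242,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    # ...and writes an autorun value for persistence.
    {"host": "ws01", "event_id": 13, "pid": 4242,
     "target_object": r"HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    # Benign: a legitimate installer sets a Run key but spawns no viewer.
    {"host": "ws01", "event_id": 13, "pid": 7000,
     "target_object": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorAgent"},
    # Benign: the user opens Word directly from Explorer; no registry write by pid 1000.
    {"host": "ws01", "event_id": 1, "pid": 5100, "parent_pid": 1000,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
]


if __name__ == "__main__":
    for finding in correlate_decoy_and_persistence(SAMPLE_EVENTS):
        print(finding)
```

Only the process that exhibits both behaviours is reported; the installer that writes a Run key without a decoy and the user who simply opens Word are left alone, which keeps the heuristic useful as a triage filter rather than a noisy alert. Swapping the hard-coded viewer list for the handler registered for `.docx` on each host would make it track the "default app for Word documents" wording of the report more closely.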
